Resetting Windows Password With Kali Linux

So I often have to ‘break’ into VMs when migrating them. I put the word break in quotation marks because I’m doing it for the company… Which leads me to this post: I wanted to show you how I go about resetting a Windows password with Kali Linux.

This should only be done ethically and legally!

What I mean by that is, make sure you have the right to access the machine and have approval from the owner to reset the password. Fun times ahead!

I’ve also written this on Medium.com.

Why?

What do you mean why? It’s fairly simple!

This most often comes up for me when a user has forgotten the password, most commonly because they haven’t used the system for a while or because they rely on an auto-complete function which fails once the system has been migrated to a new host.

Why use Kali Linux? Well, because it is the most robust method I’ve found for quickly resetting Windows passwords. It has a nice built-in utility for this, along with a bunch of other Windows tools.

You can also reset Windows passwords using the Windows installer, or by using Ubuntu. However, both of those methods have their own downsides which make Kali my favourite.


Let’s hop in!🦘

Resetting Windows Password With Kali Linux

First, mount the Kali Linux live boot ISO to the VM. I’ll be using 2021.2-live-amd64, just in case you cared.

In the boot menu for the VM, choose to boot from the CD drive. For example, this is what it looks like with a VMware machine:

[Image: The VMware boot screen]

When you see the Kali Linux live menu, boot using the Live (forensic mode) option:

[Image: Kali Linux forensic mode]

Once loaded, open the File Manager, find the Windows boot drive on the left side of the window and navigate to /Windows/system32/config:

[Image: Finding /Windows/system32/config]

Open a terminal inside that folder by right-clicking in the empty space:

[Image: Opening a terminal inside the open folder]

Inside the terminal, type the following command:

chntpw -l SAM

This will show all the users that Kali Linux has found on the Windows install.

I want to reset the built-in Administrator account, so feel free to swap in a different username in the command I use below:

chntpw -u Administrator SAM

  1. Select Option 1
  2. Once complete, press ‘q’ to exit
  3. Finally, press ‘y’ to save the changes

You can now reboot the server back into Windows and the Administrator password will be blank. 

Make sure to add a new password to the Administrator account and to unmount the Kali Linux live ISO from the VM!

Potential Issue

You might run into an error stating that the Windows drive has been mounted in read-only mode.

To fix this, you can often run:

lsblk

From this, find the sda number or ID for the Windows install. For me, it was sda4. Once you have that, you can run the below command, making sure to use your sda number:

sudo ntfsfix /dev/sda4
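
A pre-flight helper for the steps above, added here as an example and not part of the original post: it confirms the Windows volume is mounted read-write (the read-only error described under Potential Issue) and keeps a verified copy of the SAM hive so the edit can be rolled back. The function names and the backup file name are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post): pre-flight check and rollback
# copy for the SAM hive, run before chntpw. Names here are assumptions.

# Succeeds when the filesystem holding directory $1 is mounted read-write.
is_rw_mount() {
    opts=$(findmnt -n -o OPTIONS -T "$1" 2>/dev/null) || opts=""
    case ",$opts," in
        *,ro,*) return 1 ;;            # mounted read-only
    esac
    [ -w "$1" ]                        # also covers a missing findmnt
}

# Copies $1/SAM to a timestamped backup beside it, verifies the copy
# byte-for-byte and prints the backup path on stdout.
backup_sam() {
    bak="$1/SAM.bak.$(date +%Y%m%d-%H%M%S)"
    cp -p "$1/SAM" "$bak" || return 3
    cmp -s "$1/SAM" "$bak" || { echo "backup differs from SAM" >&2; return 3; }
    sha256sum "$bak" >&2 || true       # hash for the change record
    echo "$bak"
}

# Runs both checks for config directory $1 (default: current directory).
preflight_sam() {
    dir=${1:-.}
    [ -f "$dir/SAM" ] || { echo "no SAM hive in $dir" >&2; return 2; }
    if ! is_rw_mount "$dir"; then
        echo "$dir is read-only: run lsblk, then ntfsfix on the Windows partition" >&2
        return 1
    fi
    backup_sam "$dir"
}

# When called with an argument, act as a script: ./preflight.sh .
if [ "$#" -gt 0 ]; then preflight_sam "$@"; fi
```

To roll back, copy the backup over SAM from the same live session before rebooting.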

Enjoy! 🎉

Mark Harwood